Veeam: Security Vulnerabilities
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
CVSS Score
4.5
EPSS Score
0.016
Published
2023-11-07
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-11-07
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
CVSS Score
9.9
EPSS Score
0.108
Published
2023-11-07
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Known exploited
CVSS Score
7.5
EPSS Score
0.81
Published
2023-03-10
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-12-05
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
CVSS Score
6.1
EPSS Score
0.01
Published
2022-07-14
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Known exploited
CVSS Score
8.8
EPSS Score
0.205
Published
2022-03-17
CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Known exploited
CVSS Score
9.8
EPSS Score
0.672
Published
2022-03-17
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
CVSS Score
8.8
EPSS Score
0.004
Published
2022-03-17
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
CVSS Score
7.8
EPSS Score
0.018
Published
2022-03-17